98870053f992cdf24078e994d74a2390_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

98870053f992cdf24078e994d74a2390_JaffaCakes118
Size

352KB
MD5

98870053f992cdf24078e994d74a2390
SHA1

ab1b4fa7bd2ba730ba12336bc3a15bc7b2c55d84
SHA256

fea6adf451d8a886caf3f2c2ee7ea298a0ae15640443227310ab12a18ff42086
SHA512

c1668b500eae59108d07f38605c381c7832ba6424522ff6f458914ccf7b90986e141f6a1e59e5ffca864862558b491c085188cb2818e94250fd08a4969c99589
SSDEEP

6144:RwtcuvtLsnTE/3OeLWKr4aa94eNekkNFhHpUHSaBfJER:RwKuZHWIehNe9FRMf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98870053f992cdf24078e994d74a2390_JaffaCakes118

Files

98870053f992cdf24078e994d74a2390_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a0f394cd38b00bda42100a1c76bf2b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GlobalAddAtomA
CopyFileW
HeapFree
GetStringTypeExW
GetModuleHandleA
GetProfileSectionA
EnumCalendarInfoW
FindAtomA
GetStartupInfoA

oleacc

AccessibleObjectFromWindow
AccessibleChildren
LresultFromObject
GetStateTextW
ObjectFromLresult

shlwapi

PathCompactPathA

msimg32

GradientFill
AlphaBlend

msvcrt

_controlfp
__getmainargs
_except_handler3
_exit
_XcptFilter
exit
_acmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

winmm

DrvGetModuleHandle
mmioAscend
auxSetVolume
midiStreamStop
mmioInstallIOProcW
waveInGetDevCapsA
midiOutLongMsg
mixerGetLineControlsA
waveInClose
waveOutGetErrorTextW
mmioSendMessage
mciGetErrorStringA
OpenDriver
waveOutMessage
midiOutUnprepareHeader
waveOutClose
mixerGetControlDetailsW
timeKillEvent
midiInStart
sndPlaySoundW
waveOutGetDevCapsW
mciGetErrorStringW
CloseDriver
midiOutGetErrorTextA
mmioStringToFOURCCA
mciSendCommandA
waveOutSetPitch
midiInUnprepareHeader
timeGetSystemTime
midiOutSetVolume
mmioFlush
midiOutOpen
midiDisconnect
mmioOpenW
mixerGetLineControlsW
midiOutGetErrorTextW
midiOutGetDevCapsA
midiInGetErrorTextW
mmioRenameA
PlaySoundA
mixerClose
joySetCapture
waveInReset
joyGetThreshold
midiInStop
waveOutSetVolume
waveInAddBuffer
midiOutGetNumDevs
mmioStringToFOURCCW
midiOutCacheDrumPatches
midiStreamClose
GetDriverModuleHandle
midiOutGetID
auxOutMessage
waveOutGetPosition
midiInGetNumDevs
midiInGetDevCapsW
joySetThreshold
mciGetYieldProc
mixerOpen
timeGetTime
DefDriverProc
midiStreamOut
joyGetPos
mciGetDeviceIDFromElementIDW
midiInClose
waveOutRestart
joyGetNumDevs
mmioAdvance
mciGetDeviceIDA
mmioRenameW
joyGetDevCapsW
auxGetDevCapsA
mciSendCommandW
waveInGetID
midiOutShortMsg
mmioRead
waveInGetPosition
mixerGetLineInfoW
midiInReset
mixerGetNumDevs
auxGetVolume
waveOutGetVolume
midiInGetErrorTextA
mixerMessage
midiOutCachePatches
waveInUnprepareHeader
midiInMessage
waveOutGetDevCapsA
mmioGetInfo
timeSetEvent
auxGetDevCapsW
joyGetDevCapsA
waveInGetErrorTextA
auxGetNumDevs
mmioOpenA
mixerGetDevCapsA
midiOutClose
midiOutReset
mmioClose
waveInStart

advapi32

IsValidSecurityDescriptor
GetFileSecurityA

winspool.drv

DeletePrinterDriverExW
AdvancedDocumentPropertiesA
DeletePrinterDriverW
DeletePortW
AddPrinterDriverA
AddPrinterDriverW
DeletePrinter
ConfigurePortA
PrinterProperties
GetPrinterDriverA
SetPrinterDataExA
EnumJobsW
AddPrinterConnectionA
ConfigurePortW
DeletePrintProcessorW
ResetPrinterW
EnumPrintersW
GetJobW
GetPrinterW
FindFirstPrinterChangeNotification
GetPrinterDriverW
WritePrinter
DeleteFormA
DeletePortA
GetFormW
AddFormA
EnumPrintProcessorsW
GetPrinterDriverDirectoryA
EnumPrinterDataExW
SetFormW
SetPortW
AddPortA
EnumFormsA
DeletePrinterDriverExA
DeletePrintProvidorA
DeletePrinterDriverA
StartDocPrinterA
GetPrintProcessorDirectoryW
GetPrinterA
SetPrinterW
AddPrinterA
GetFormA
AddPrinterW
AddPrinterDriverExA
EnumPrinterDriversA
EnumPrinterDataW
EndPagePrinter
StartPagePrinter
DeletePrinterDataExW
EnumJobsA
AddMonitorW

Sections

.text
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a0f394cd38b00bda42100a1c76bf2b3

Headers

File Characteristics

Imports

kernel32

oleacc

shlwapi

msimg32

msvcrt

winmm

advapi32

winspool.drv

Sections

.text Size: 304KB - Virtual size: 300KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 258KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 304KB - Virtual size: 300KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 258KB

.rsrc
Size: 32KB - Virtual size: 30KB